* [PATCH 0/2] apparmor unaligned memory fixes
@ 2025-05-31 15:08 deller
2025-05-31 15:08 ` [PATCH 1/2] apparmor: Fix 8-byte alignment for initial dfa blob streams deller
2025-05-31 15:08 ` [PATCH 2/2] apparmor: Fix unaligned memory accesses in KUnit test deller
0 siblings, 2 replies; 3+ messages in thread
From: deller @ 2025-05-31 15:08 UTC (permalink / raw)
To: linux-kernel, apparmor, John Johansen, linux-security-module; +Cc: Helge Deller
From: Helge Deller <deller@gmx.de>
Two patches which fix unaligned memory accesses in apparmor.
Both triggered on the parisc platform, which is much more
memory alignment sensitive and will report violations.
Please check and apply.
Helge
Helge Deller (2):
apparmor: Fix 8-byte alignment for initial dfa blob streams
apparmor: Fix unaligned memory accesses in KUnit test
security/apparmor/lsm.c | 4 ++--
security/apparmor/policy_unpack_test.c | 6 ++++--
2 files changed, 6 insertions(+), 4 deletions(-)
--
2.47.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/2] apparmor: Fix 8-byte alignment for initial dfa blob streams
2025-05-31 15:08 [PATCH 0/2] apparmor unaligned memory fixes deller
@ 2025-05-31 15:08 ` deller
2025-05-31 15:08 ` [PATCH 2/2] apparmor: Fix unaligned memory accesses in KUnit test deller
1 sibling, 0 replies; 3+ messages in thread
From: deller @ 2025-05-31 15:08 UTC (permalink / raw)
To: linux-kernel, apparmor, John Johansen, linux-security-module
Cc: Helge Deller, stable
From: Helge Deller <deller@gmx.de>
The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned
on a 8 byte boundary.
The static nulldfa_src[] and stacksplitdfa_src[] arrays store the inital
apparmor dfa blob streams, but since they are declared as an array-of-chars
the compiler and linker will only ensure a "char" (1-byte) alignment.
Add an __aligned(8) annotation to the arrays to tell the linker to always
align them on a 8-byte boundary. This avoids runtime warnings at startup on
alignment-sensitive platforms like parisc such as:
Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f)
Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c)
Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090)
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org
---
security/apparmor/lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9b6c2f157f83..531bde29cccb 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -2149,12 +2149,12 @@ static int __init apparmor_nf_ip_init(void)
__initcall(apparmor_nf_ip_init);
#endif
-static char nulldfa_src[] = {
+static char nulldfa_src[] __aligned(8) = {
#include "nulldfa.in"
};
static struct aa_dfa *nulldfa;
-static char stacksplitdfa_src[] = {
+static char stacksplitdfa_src[] __aligned(8) = {
#include "stacksplitdfa.in"
};
struct aa_dfa *stacksplitdfa;
--
2.47.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] apparmor: Fix unaligned memory accesses in KUnit test
2025-05-31 15:08 [PATCH 0/2] apparmor unaligned memory fixes deller
2025-05-31 15:08 ` [PATCH 1/2] apparmor: Fix 8-byte alignment for initial dfa blob streams deller
@ 2025-05-31 15:08 ` deller
1 sibling, 0 replies; 3+ messages in thread
From: deller @ 2025-05-31 15:08 UTC (permalink / raw)
To: linux-kernel, apparmor, John Johansen, linux-security-module; +Cc: Helge Deller
From: Helge Deller <deller@gmx.de>
The testcase triggers some unneccessary unaligned memory accesses on the
parisc architecture:
Kernel: unaligned access to 0x12f28e27 in policy_unpack_test_init+0x180/0x374 (iir 0x0cdc1280)
Kernel: unaligned access to 0x12f28e67 in policy_unpack_test_init+0x270/0x374 (iir 0x64dc00ce)
Use the existing helper functions put_unaligned_le32() and
put_unaligned_le16() to avoid such warnings on architectures which
prefer aligned memory accesses.
Signed-off-by: Helge Deller <deller@gmx.de>
---
security/apparmor/policy_unpack_test.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c
index 5b2ba88ae9e2..cf18744dafe2 100644
--- a/security/apparmor/policy_unpack_test.c
+++ b/security/apparmor/policy_unpack_test.c
@@ -9,6 +9,8 @@
#include "include/policy.h"
#include "include/policy_unpack.h"
+#include <linux/unaligned.h>
+
#define TEST_STRING_NAME "TEST_STRING"
#define TEST_STRING_DATA "testing"
#define TEST_STRING_BUF_OFFSET \
@@ -80,7 +82,7 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strscpy(buf + 3, TEST_U32_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
- *((__le32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = cpu_to_le32(TEST_U32_DATA);
+ put_unaligned_le32(TEST_U32_DATA, buf + 3 + strlen(TEST_U32_NAME) + 2);
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
@@ -103,7 +105,7 @@ static struct aa_ext *build_aa_ext_struct(struct policy_unpack_fixture *puf,
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
strscpy(buf + 3, TEST_ARRAY_NAME, e->end - (void *)(buf + 3));
*(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
- *((__le16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = cpu_to_le16(TEST_ARRAY_SIZE);
+ put_unaligned_le16(TEST_ARRAY_SIZE, buf + 3 + strlen(TEST_ARRAY_NAME) + 2);
return e;
}
--
2.47.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-05-31 15:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-31 15:08 [PATCH 0/2] apparmor unaligned memory fixes deller
2025-05-31 15:08 ` [PATCH 1/2] apparmor: Fix 8-byte alignment for initial dfa blob streams deller
2025-05-31 15:08 ` [PATCH 2/2] apparmor: Fix unaligned memory accesses in KUnit test deller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).